Server management tools is a new Azure service. To get started, you will need an Azure subscription. If you don’t already have an Azure subscription, check out this link on how to set one up. Once you have the subscription set up, log in to the Azure portal. After logging in successfully, look for Server management tools (SMT) in the Marketplace.
In order to use SMT, you will need to install a gateway in your environment. The gateway setup is part of the same flow as creating the SMT connection to your target server. Clicking on Create at this step will open up the Create blade (as shown below) where you will be prompted to enter details for the machine that you want to manage as well as create a gateway resource. Therefore, you will be creating two Azure resources: Server management tools connection and Server management tools gateway. The various fields of the form are explained below.
Computer name: This is the name of the machine that you want to manage as well as the name of the Server management tools connection resource. A resource is something you provision in your Azure subscription and always belongs to a Resource group. In our case the computer name is also the SMT resource name. Since the resource name is a computer name, it can either be the FQDN, NetBIOS name or the IP address for the machine. In the example above, I am using “TRNano” which is the NetBIOS name of my VM in Azure.
Subscription: The SMT connection and the gateway will be associated with the Azure subscription that you choose here. Check out this blog for more details on subscriptions.
Resource group: A resource group is a logical grouping of resources that supports a particular application or workload. For example, you may want to create SMT connections for all your File Server machines in a single resource group. You could also expand the logical grouping to say all your servers in Seattle are under a single resource group.
Location: This is the region where your resources will be hosted in Azure.
Server management tools gateway: This is the machine that will act as a proxy between the Azure portal and the machines you want to manage. SMT connection and gateway must be under the same subscription and resource group and also in the same location (Azure region).
SMT gateway setup is a two-step process –
- Create the gateway resource in Azure
- Install the gateway software on the machine that you designate as your gateway
Step 1: Create the gateway resource in Azure
- In the Create form above, specify a name for the SMT gateway. This can by a friendly name, such as “Seattle servers”, or the FQDN, NetBios name or the IP address of the server you will install the gateway software on. I am using “TRGateway” in this setup process.
- After filling out all the fields in the form, click on Create. This will kick off the deployment of the two SMT resources – connection and gateway – in Azure. Assuming you checked the “Pin to dashboard” option in the Create form, a tile will appear on the dashboard (used below). You can click on it to monitor the deployment of the resources.
- After the deployment is successful, navigate to the resource blade for the new SMT connection to TRNano. You will notice an orange notification saying “Gateway not detected…”. Click on the notification and follow the instructions to set up the gateway software on a server.
Step 2: Install the gateway software on the machine that you designate as your gateway
- Clicking on the orange notification will open the gateway blade where you can click on the blue notification for next steps. Read the details on the Gateway configuration blade.
- As an online service, SMT is evolving and may require updates to the gateway software for optimal operation. On the configuration blade, you can opt in to let the service automatically update your gateway or you can choose to control the updates and select the Manual option.
- Then click on Generate a package link. Copy this link. You will need to access this link from the server where you will be installing the gateway.
- Log in to the server on which you want to install the SMT gateway. This can be a Windows Server 2016 or a 2012R2 machine. The SMT gateway is currently not supported on a Nano server.
- Open a browser and navigate to the link you generated above.
- You will be prompted to Open or Save a zip file. Save the file to the desired location and unzip the contents.
- Run the GatewayService MSI by double clicking on it.
- Walk through the steps in the MSI.
- During the installation process, you will be prompted to create a self-signed certificate or provide an existing certificate on the computer. The certificate will be used to encrypt your credentials and we will explain this later in this post.The following components are also changed as part of the gateway software installation:
- Gateway software binaries are added to Program Files\ServerManagementToolsGateway
- Two new Windows services, ServerManagementToolsGateway and ServerManagementToolsUpdate, are installed on the system
- A registry key is created
No other ports or firewall rules are modified to support the SMT gateway.
- Continue to the next step and wait for the gateway installation to complete.
At this point SMT gateway is successfully installed and configured. You can now go back to the Azure portal and start managing the TRNano machine. You can also follow the same steps to configure the gateway on an Azure VM and manage your VMs in Azure.
If you navigate to the gateway blade, you will see gateway status as well as the list of machines associated with this gateway. In this case, I only have TRNano.
If you navigate to the TRNano connection blade, you will be required to enter the credentials.
Here you have the option to save the credentials. If you decide to do so, the credentials are encrypted using the certificate you generated as part of the gateway setup and stored in Azure. The credentials are encrypted using standard AES encryption and the certificate is always stored on the SMT gateway. The encrypted credentials are decrypted by the SMT gateway and used to process all management requests on the target machine. Even though the credentials are securely stored in Azure, the certificate provides an additional level of security because only your gateway can decrypt the stored credentials since only your gateway has the certificate.
If the credentials you entered have the permissions to access the machine, you should start to see some performance metrics for the target server and you can continue to remotely manage it.
If GUI is not your preferred way of installation, check out the wiki article published by one our MVPs, Ryen Kia Zhi Tang, on how to use PowerShell to get started. The article also talks about configuring SMT to manage Azure VMs.
Try it today!
Hope you found this post helpful. If you have any issues with gateway setup or getting started with Server management tools, please let us know by posting comments below. You can also use the feedback button in the Azure portal or submit your ideas and suggestions on our UserVoice forum. You may also follow us on Twitter. We look forward to you trying out the new capabilities and continuing to provide valuable feedback to make the service better. If you have any issues while using the service, check out the Troubleshooting guide to quickly identify and resolve the problem.